38f4a94f03f091df39dad7cb166a2eebe966c9099af0a8a8739009acb098559d

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 09:56

Target

38f4a94f03f091df39dad7cb166a2eebe966c9099af0a8a8739009acb098559d.dll
Size

77KB
MD5

225e1b872ab085e19c5447bae4c92980
SHA1

3e216e9e81daf983a9671d1d1094a7fb124859d9
SHA256

38f4a94f03f091df39dad7cb166a2eebe966c9099af0a8a8739009acb098559d
SHA512

bad174c90ed3fabc2d9234d3fb43d8602db073f2cddd90a83c7019848a8d7175933b25fc941f87e1ed9e098aa22e324d184e2bdcb49516b96ac34d593f280913
SSDEEP

1536:cKWmsuL8yN4xoi0AcR73fc8vsWjcdu7iEqt:XWUAJaQu7iTt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 3720	4180	rundll32.exe	59
PID 4180 wrote to memory of 3720	4180	rundll32.exe	59
PID 4180 wrote to memory of 3720	4180	rundll32.exe	59

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38f4a94f03f091df39dad7cb166a2eebe966c9099af0a8a8739009acb098559d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38f4a94f03f091df39dad7cb166a2eebe966c9099af0a8a8739009acb098559d.dll,#1
  2⤵
  PID:3720